Vulnerability Description
Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Usg2100 Firmware | <= v300r001c00 |
| Huawei | Usg2200 Firmware | <= v300r001c00 |
| Huawei | Usg5100 Firmware | <= v300r001c00 |
| Huawei | Usg5500 Firmware | <= v300r001c00 |
| Huawei | Usg2100 | - |
| Huawei | Usg2200 | - |
| Huawei | Usg5100 | - |
| Huawei | Usg5500 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en
- http://www.securityfocus.com/bid/92441
FAQ
What is CVE-2016-6669?
CVE-2016-6669 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allow...
How severe is CVE-2016-6669?
CVE-2016-6669 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6669?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Usg2100 Firmware, Huawei Usg2200 Firmware, Huawei Usg5100 Firmware, Huawei Usg5500 Firmware, Huawei Usg2100.